Share via


MS10-070 - Important ASP.NET security bulletin and update available

On Tuesday we released a very important security bulletin and update for ASP.NET. If you are responsible for an ASP.NET web server please take the time to review the information and act accordingly. I’m not going to try and regurgitate the detail here but here are some key links:

Bulletin MS10-070

https://www.microsoft.com/technet/security/bulletin/MS10-070.mspx

ScottGu blog

ASP.NET Security Update Now Available (this, in my opinion, has the clearest explanation of which patches you need depending on which OS and framework versions you have)

ASP.NET Security Update Shipping Tuesday, Sept 28th

Update on ASP.NET Vulnerability

Frequently Asked Questions about the ASP.NET Security Vulnerability

Important: ASP.NET Security Vulnerability

KB

https://support.microsoft.com/?id=2418042

Security advisory

https://www.microsoft.com/technet/security/advisory/2416728.mspx

CVE

https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332

Microsoft Security Research and Defense blog

Additional Information about the ASP.NET Vulnerability

Understanding the ASP.NET Vulnerability (including custom error configuration detection script)

Special forum to discuss the vulnerability

https://forums.asp.net/1233.aspx

HTH

Doug